PDF Security (Passwords and Certificates)

Access to PDF files can be secured so that not anyone can open them. This is achieved by encryption – the bytes int PDF file are actually scrambled using a unique key – you will need a key to convert the PDF data back into something which can be opened.

This is a clever way to do it because the key is not in the file but it is woven into the basic fabric of the file so it is very hard to bypass or find. The key for every PDF object uses the key but also the object number, so it is slightly different for every object. This makes it much harder to crack.

The key is usually a password (and there can be 2 possible keywords – the Owner and the User password). Either will work and the Owner password gives you full control while the user password can be given more limited control. Obviously people can guess so the PDF is only as secure as the password chosen – do not make it obvious!

You can also secure a PDF file using a certificate – this is a sort of electronic password which is generated using a tool like keytool. You use it to encrypt the PDF data and send copies to anyone you wish to have access. The certificates are stored in a hidden directory on your machine and can be accessed in Java directly like this.

KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
keystore.load(new FileInputStream("c:\\keystorePath\\.keystore"), password);
PrivateKey key = (PrivateKey) keystore.getKey(nameOfCertificate,password);

There is a good explanation of the Keystore class here.

So you can limit access to PDF files to people who know the password or have a copy of the certificate you used to encrypt the PDF file. Everyone will not be able to access the file. Do you use PDF file encryption to secure your documents?

This article is part of the Understanding the PDF file format series. In each article we try to take a specific PDF feature and explain it in simple terms. You can see all the articles so far in the Understanding the PDF file format series.

Check out JPedal for more articles by Mark Stephens

Published
Categorized as Java

By Mark Stephens

Mark Stephens runs IDRsolutions, developing the JPedal PDF library in Java, and shares his thoughts on Java, PDF, the Business of Software and Mediaeval History at http://www.jpedal.org/PDFblog .

Leave a comment